Analysis
-
max time kernel
142s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 07:03
General
-
Target
e96b716d8211744daf8626838b9e190f_JaffaCakes118.exe
-
Size
25KB
-
MD5
e96b716d8211744daf8626838b9e190f
-
SHA1
da5e98c9362e73f08236a3ff03c94c78e3d5210f
-
SHA256
cabae28652ec4ff34f5edf012496be16511ecef87a7f70f139f03bf456a4b76c
-
SHA512
00295152c93f701fdf1738264db27da8e725519aa7313d79360aa059176c6e4445c1528962d0ac0209137f632f570742d1459e928718683f06eb633e29a6725f
-
SSDEEP
768:hAjP2Kill341cpOIqBv+mh5pHFICMYDg1WyvXu6:hAjP2K4o1cqBvjJzMuyWyv
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 1 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 46 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e96b716d8211744daf8626838b9e190f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e96b716d8211744daf8626838b9e190f_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\BhoPlugin.dll,Install2⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\System32\regsvr32.exe" C:\Windows\system32\BhoPlugin.dll /s2⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Modifies registry class
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240655140.bat2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
226B
MD565da4149f1700999708ba3241575b77d
SHA17e1b2c651b7b4a8e44a179487f70f78213988250
SHA25682eaf35dcef017a273e660ce175985a8ba6d13c8d39aa6784c56fdf8af495ee9
SHA512f876c7c8304faaa04618e44f0f1cd0d7fe3b9e8b4918ab1361d44bc38d54ef637b0dfaff586f857836e9a831d8dcf52724ba1724db78fa1e1cb54993775f2b63
-
Filesize
60KB
MD544a7174c200fc03cc13e275810e5ab51
SHA198c3832d478bf3c55d4d4c7f47c779a56e55309b
SHA25619b962cac5a42bf81ecc45b878d8a2b2490cdf051e107f378e87049ff3e7b69f
SHA51203f62300435f4498637382e480b6aa09db13a1e03d729b034cbfcbbbe9c7fafbb82706cf4e32890d3d8e0fa9367ae89da7da3251e0102879bd3de05f5078e1bb
-
Filesize
84KB
-
Filesize
84KB