c183792f0adffdd553aa10015b8453abfb590fddd6791cabdfedb0984e156721

Analysis

max time kernel
143s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe
Size

700KB
MD5

eaa53746b91d3f62dda2bf46a5b6c3da
SHA1

9e43dce509b4a9d0bc6885539e78a33d2780f4ab
SHA256

c183792f0adffdd553aa10015b8453abfb590fddd6791cabdfedb0984e156721
SHA512

a3e9f0fc5186aa7fcbde8baabfd4284704c58913fae13d8332b95d00f77cb1b88aa63f09b1905f0fc0598e2a08733d91330b67aa9c6240dd27da9749c96367cb
SSDEEP

12288:ibo7YNQ1BeW8/LViyIakQz15bbPR3o9+FRFtgQb0lvPEb2yR7fCwohShx1:ikwQIiyIakELJ44JWTPDyR7fP

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mshta.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3156 set thread context of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\	mshta.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.muzikroni.com/google.com/"	mshta.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://www.muzikroni.com/google.com/"	mshta.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe
3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 3156 wrote to memory of 1812	3156	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	89
PID 1812 wrote to memory of 1892	1812	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	90
PID 1812 wrote to memory of 1892	1812	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	90
PID 1812 wrote to memory of 1892	1812	eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\Temp\eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\eaa53746b91d3f62dda2bf46a5b6c3da_JaffaCakes118.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Windows\SysWOW64\mshta.exe
    mshta.exe "C:\Users\Admin\AppData\Local\Temp\Untitled1.hta"
    3⤵
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Untitled1.hta

Filesize
2KB

MD5
886508d2579079ef4010230bf295d9e4

SHA1
acc791c5dcdad75ab64d8ca9d6b2e45f863cee2f

SHA256
2f13a73fded97f10794a0e7fbea5994aa7c973d9986e8c4733ef72124a2d2109

SHA512
00c5c4e6e4ea371349eddaf982dff9450e31e36f2463900687df68c18d89f442b3f8f80e3d5377dc15da93847635db119d5bd72e1b39b5a4d19da9ad32834eaf

Download Submit
memory/1812-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1812-6-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1812-9-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3156-0-0x0000000000400000-0x00000000008B6000-memory.dmp

Filesize
4.7MB

Download
memory/3156-7-0x0000000000400000-0x00000000008B6000-memory.dmp

Filesize
4.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads