24a82936420cde7f9dfb7e95ad21dd82ec4e08098154d213efaf98e3022cf9b1

Analysis

max time kernel
142s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
Size

14.8MB
MD5

eb4726176b7d6def7512e21d02ed6c6b
SHA1

09c1de26004401ab735ff0017ccc3c056bdb0097
SHA256

24a82936420cde7f9dfb7e95ad21dd82ec4e08098154d213efaf98e3022cf9b1
SHA512

8206fa8a83c24cf58032f34bec6ca0a0892b5db182eee3caab992c41ddf2ee4bef99f8b219e12d36ec8449470e067f8207237d8c023452493c9745da46db8523
SSDEEP

393216:2Pzn/SFKehyVIpQq362HTeLIfYw3W5gWd3lNw0:2rSphyCO52zeLIfj6jj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
2976	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
2760	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2760	2976	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe	28
PID 2976 wrote to memory of 2760	2976	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe	28
PID 2976 wrote to memory of 2760	2976	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe	28
PID 2976 wrote to memory of 2760	2976	eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\images\btn-bg.png

Filesize
187B

MD5
df6389f4676a99c481cbbaed9d0179fe

SHA1
f386f5fd4bbab6fe738230b4a02066fe649f7aa1

SHA256
af4dc7304bfe9da3cff1646a90ed298a3a6df62047775970ff0abed7c6e9779e

SHA512
5a2e897daaceaff61e7a7fd4b2771e4a75e3973188bc546f0cdea8d15b19cb732bad99a470163a98336f53f33a2ec69153c028fd4dd62d16e26d2042a8e737ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\images\windows.jpg

Filesize
44KB

MD5
0c033d2d431acf451488fa8eedf7abdc

SHA1
e1296633918c8ef6653847dedcd7bfa9e12cb627

SHA256
99b1943e1dda4dce98f339c75941a709bbfbf6d93243cd8c3e2887d8c27136d5

SHA512
6006a3cb375154506fc6ef5338c3458e78d7aa568c8f167433182cf00781c9bf67579fe32824fd4c8754ad48e48a5740151a9dafadde372229a2032e9183b6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\js\bramus\jsProgressBarHandler.js

Filesize
16KB

MD5
d645bc10d1d3209e03495ba67d167757

SHA1
1ea1c520251538032952825e11c55519a039189e

SHA256
f411aa3b252e12cb6192b052819337096a855cb182e89110f3bad35c68fc137f

SHA512
d640797b117f9ec0c2570565da0294f93e7fc3fc5dbff8492221266889d8c27c162bfa07dd1eb8d18e85fcc3e9f6d2801cc18cc9faa3e7cf123566b3f229f42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\js\prototype\prototype.js

Filesize
123KB

MD5
d3a5b20d5368c1bcabe655b57b52d097

SHA1
015cf89260f3e8f0b86f5a17558125c933692989

SHA256
e9cca17c4320baac34e9ea5a41357ae0baffdd1beed813c2ef1f82d1179e9868

SHA512
1fd0889623b195a6faf905a2a662fc08173e76ac9490e2aaf9a96390f2184d71c1d5f29c61553bab34a3ea4626226fbd9eba4a2085afb5994290c31fb87a68c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\page.html

Filesize
1KB

MD5
3ac507e36b0f2e55571133ad1b0fa400

SHA1
5d11312861c5c6750ff60c79646951064906d8b7

SHA256
7dbcc036716712e3a82b915160faa7c7ed897d25581331eabe802a10131bd753

SHA512
07a6da7bc8c7b7984076366dd2b2d96bda39ba853a1b74254cf550e767627ff15725a21e3bf91f859c44d770106840f87912591d32861e203653f0f1e6eac43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\page2.html

Filesize
1KB

MD5
0804815d42b4373f96f13bd7f059e8d7

SHA1
353ee8f970ec5f96eef70f050adf0985305b17c0

SHA256
de1fc9576eb440940a8927e4c1f7da6632ed91a3ea5763b661bf0d2465a2d4c7

SHA512
95304808e4a6cf2f684059a65e96fd8a264369d84f04c57a83d389035a31552c19439ecd4a32db515f57538aa83e06fdb4799bb94e366be660137298800f8b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\1rwcbign.hld\html\style.css

Filesize
1KB

MD5
0ea518f9fb46e2389269003bea78436d

SHA1
fb0a3abe4bb4de9e5f026ec96cc2f89591207c39

SHA256
54df739334ffb628170df192a4ba16f0fb78465dc375b40a29b51cf4bfc39de7

SHA512
bf931b05539f612a819e06e7ffb08d227202232b6345444d22002b11ef9fb292ffc2cb386a96d99ae6ed781daec40c5f2a3cd1a482a701a9d5573d86815bc4b8

Download Submit
\Users\Admin\AppData\Local\Temp\1rwcbign.hld\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
\Users\Admin\AppData\Local\Temp\1rwcbign.hld\eb4726176b7d6def7512e21d02ed6c6b_JaffaCakes118.exe

Filesize
14.7MB

MD5
ed394f4207825fede2cd78231cc375b8

SHA1
9a2694464a4d813f677c1edb5e1864c0c7d41f7c

SHA256
6741aa059caf95e1f40ebb9bfabe137bdd94896c59102d80713e6a1b8a6d7ff7

SHA512
dbb44538f0043a8fc5c92a817f3bb10e777277e2960ffeb02045b5e5f9602588b29f251e1b5984f7981d442208ca49d6b5b4b5b063149bf09b1fb38e14271dbe

Download Submit
memory/2760-160-0x0000000075870000-0x00000000764BA000-memory.dmp

Filesize
12.3MB

Download
memory/2760-152-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2760-402-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-19-0x0000000075490000-0x000000007553C000-memory.dmp

Filesize
688KB

Download
memory/2760-22-0x0000000076770000-0x00000000767C7000-memory.dmp

Filesize
348KB

Download
memory/2760-21-0x0000000077260000-0x00000000772A7000-memory.dmp

Filesize
284KB

Download
memory/2760-23-0x00000000751F0000-0x00000000751F9000-memory.dmp

Filesize
36KB

Download
memory/2760-24-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-26-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-27-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-25-0x0000000075870000-0x00000000764BA000-memory.dmp

Filesize
12.3MB

Download
memory/2760-30-0x00000000770E0000-0x000000007723C000-memory.dmp

Filesize
1.4MB

Download
memory/2760-31-0x0000000074FC0000-0x000000007501B000-memory.dmp

Filesize
364KB

Download
memory/2760-33-0x00000000765C0000-0x00000000765F5000-memory.dmp

Filesize
212KB

Download
memory/2760-34-0x0000000076A20000-0x0000000076B3D000-memory.dmp

Filesize
1.1MB

Download
memory/2760-169-0x00000000751E0000-0x00000000751E5000-memory.dmp

Filesize
20KB

Download
memory/2760-45-0x0000000076D40000-0x0000000076DCF000-memory.dmp

Filesize
572KB

Download
memory/2760-46-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-55-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-137-0x00000000742B0000-0x00000000742C7000-memory.dmp

Filesize
92KB

Download
memory/2760-139-0x0000000074230000-0x0000000074245000-memory.dmp

Filesize
84KB

Download
memory/2760-140-0x0000000074250000-0x00000000742A2000-memory.dmp

Filesize
328KB

Download
memory/2760-142-0x0000000077240000-0x0000000077259000-memory.dmp

Filesize
100KB

Download
memory/2760-141-0x0000000074220000-0x000000007422D000-memory.dmp

Filesize
52KB

Download
memory/2760-143-0x0000000074110000-0x000000007415F000-memory.dmp

Filesize
316KB

Download
memory/2760-145-0x0000000077240000-0x0000000077259000-memory.dmp

Filesize
100KB

Download
memory/2760-146-0x00000000740F0000-0x000000007410C000-memory.dmp

Filesize
112KB

Download
memory/2760-144-0x0000000074160000-0x00000000741B8000-memory.dmp

Filesize
352KB

Download
memory/2760-149-0x0000000076DD0000-0x0000000076DF7000-memory.dmp

Filesize
156KB

Download
memory/2760-147-0x0000000075420000-0x000000007542C000-memory.dmp

Filesize
48KB

Download
memory/2760-150-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2760-151-0x0000000000330000-0x000000000036D000-memory.dmp

Filesize
244KB

Download
memory/2760-168-0x0000000074FC0000-0x000000007501B000-memory.dmp

Filesize
364KB

Download
memory/2760-153-0x0000000077260000-0x00000000772A7000-memory.dmp

Filesize
284KB

Download
memory/2760-155-0x0000000075490000-0x000000007553C000-memory.dmp

Filesize
688KB

Download
memory/2760-406-0x0000000006F00000-0x0000000007000000-memory.dmp

Filesize
1024KB

Download
memory/2760-161-0x0000000076770000-0x00000000767C7000-memory.dmp

Filesize
348KB

Download
memory/2760-162-0x0000000075300000-0x000000007534A000-memory.dmp

Filesize
296KB

Download
memory/2760-166-0x00000000770E0000-0x000000007723C000-memory.dmp

Filesize
1.4MB

Download
memory/2760-165-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-163-0x0000000075140000-0x00000000751BD000-memory.dmp

Filesize
500KB

Download
memory/2760-404-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-405-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-170-0x00000000765C0000-0x00000000765F5000-memory.dmp

Filesize
212KB

Download
memory/2760-171-0x0000000076B40000-0x0000000076B46000-memory.dmp

Filesize
24KB

Download
memory/2760-174-0x0000000075770000-0x0000000075775000-memory.dmp

Filesize
20KB

Download
memory/2760-176-0x0000000074250000-0x00000000742A2000-memory.dmp

Filesize
328KB

Download
memory/2760-177-0x0000000074230000-0x0000000074245000-memory.dmp

Filesize
84KB

Download
memory/2760-178-0x0000000074220000-0x000000007422D000-memory.dmp

Filesize
52KB

Download
memory/2760-179-0x0000000074160000-0x00000000741B8000-memory.dmp

Filesize
352KB

Download
memory/2760-183-0x0000000076DD0000-0x0000000076DF7000-memory.dmp

Filesize
156KB

Download
memory/2760-182-0x00000000740E0000-0x00000000740E7000-memory.dmp

Filesize
28KB

Download
memory/2760-181-0x00000000740F0000-0x000000007410C000-memory.dmp

Filesize
112KB

Download
memory/2760-180-0x0000000074110000-0x000000007415F000-memory.dmp

Filesize
316KB

Download
memory/2760-184-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2760-185-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-186-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-187-0x00000000770E0000-0x000000007723C000-memory.dmp

Filesize
1.4MB

Download
memory/2760-188-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2760-191-0x0000000075490000-0x000000007553C000-memory.dmp

Filesize
688KB

Download
memory/2760-198-0x0000000075300000-0x000000007534A000-memory.dmp

Filesize
296KB

Download
memory/2760-199-0x0000000075140000-0x00000000751BD000-memory.dmp

Filesize
500KB

Download
memory/2760-201-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-220-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-222-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-289-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-290-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-292-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-293-0x0000000006F00000-0x0000000007000000-memory.dmp

Filesize
1024KB

Download
memory/2760-403-0x00000000010B0000-0x00000000010F0000-memory.dmp

Filesize
256KB

Download
memory/2760-17-0x0000000000330000-0x000000000036D000-memory.dmp

Filesize
244KB

Download
memory/2760-15-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2760-16-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2760-11-0x0000000075300000-0x000000007534A000-memory.dmp

Filesize
296KB

Download
memory/2760-13-0x0000000000330000-0x000000000036D000-memory.dmp

Filesize
244KB

Download
memory/2760-12-0x00000000010F0000-0x00000000011E0000-memory.dmp

Filesize
960KB

Download
memory/2976-0-0x0000000074B90000-0x000000007513B000-memory.dmp

Filesize
5.7MB

Download
memory/2976-2-0x0000000074B90000-0x000000007513B000-memory.dmp

Filesize
5.7MB

Download
memory/2976-9-0x0000000004F40000-0x0000000005030000-memory.dmp

Filesize
960KB

Download
memory/2976-1-0x00000000004B0000-0x00000000004F0000-memory.dmp

Filesize
256KB

Download
memory/2976-20-0x0000000074B90000-0x000000007513B000-memory.dmp

Filesize
5.7MB

Download