c4fe7e42dc1ea441e5e53c0d717d64ca24292b84278bcca899aec0fb477b0c7b

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
Size

18.3MB
MD5

ebf41f4b5e770958b1dd11e2fb9c29f0
SHA1

0607bbea949889444d54a637acaa04a7c1a8c3ea
SHA256

c4fe7e42dc1ea441e5e53c0d717d64ca24292b84278bcca899aec0fb477b0c7b
SHA512

4d79ae7e52303a4ab9dd79459ae26554c77953c68fc1eaab50c54a5ce9f9f3153fa76320c3f1db7b6887150db9acc404039438d5bfcb765f0c15f07da1615f5b
SSDEEP

98304:EcKHfr5zfMfb5zfMXfr5zfMfb5zrMXfr5zfMmr5zv:Ev

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2468	lwlbrs.exe

Loads dropped DLL 2 IoCs

pid	Process
2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	lwlbrs.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2468	lwlbrs.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2468	lwlbrs.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2468	lwlbrs.exe
2468	lwlbrs.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2468	2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	28
PID 2784 wrote to memory of 2468	2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	28
PID 2784 wrote to memory of 2468	2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	28
PID 2784 wrote to memory of 2468	2784	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\lwlbrs.exe
  C:\Users\Admin\AppData\Local\Temp\lwlbrs.exe -run C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lwlbrs.exe

Filesize
27.4MB

MD5
97a019721fad906b86d428d058dec864

SHA1
8c715d2b4aac9420e494582688a0038eea600b84

SHA256
99d57d87271981a52b70645e962ad551234fc91e83a34081ea9b46060fdf2294

SHA512
059537452dd948b40217a67a83351245203e9c0ea2894b8132c7b31d256d9016549c2da43a713842bb49262545b6e5ce5e4cf682deaf999a56ece38c64cc0162

Download Submit
memory/2468-73-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2468-102-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2784-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2784-1-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2784-2-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2784-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2784-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2784-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2784-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2784-7-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2784-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2784-10-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2784-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2784-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2784-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2784-21-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2784-28-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2784-27-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2784-26-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2784-25-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2784-24-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2784-22-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2784-19-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/2784-18-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/2784-17-0x0000000001D60000-0x0000000001D61000-memory.dmp

Filesize
4KB

Download
memory/2784-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2784-15-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2784-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2784-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2784-12-0x0000000001D90000-0x0000000001D91000-memory.dmp

Filesize
4KB

Download
memory/2784-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2784-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-53-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2784-60-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2784-59-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2784-58-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2784-57-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2784-56-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2784-62-0x0000000002000000-0x0000000002007000-memory.dmp

Filesize
28KB

Download
memory/2784-61-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2784-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2784-54-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2784-52-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2784-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2784-71-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2784-72-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download