e4c9db7203fd4722de82adb6337d47b9382cbf1e9f9d4c945bf128d38e962766

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
Size

359KB
MD5

f091e3d95bf2ea2db32d3821571a80b7
SHA1

8beaba61d14cd04e04d700b95e5eba434a90f81b
SHA256

e4c9db7203fd4722de82adb6337d47b9382cbf1e9f9d4c945bf128d38e962766
SHA512

ae9bd88790662109f5fe78ded2b6388049a5441c1d33bb34cc6f4ec8bbe294da76e9849bdee47f0afa69478816dfda5d13c12ae654bb5ce8b0f8a91b198096c7
SSDEEP

6144:ZgRyiIWQFpUv4/B+FrM144XlzKlUAzYYbuewX79GtPuB8PxwPh79i5s/CoS9iP6p:3iMCv45+uK4VKXknewr9GBY85wPTi5sM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-27-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-33-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-35-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-40-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-44-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-49-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-54-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-55-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral1/memory/2548-62-0x0000000000400000-0x000000000050D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
2548	f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.data

Filesize
800B

MD5
d06117cbbc9155eda7a1489ddd52e6a1

SHA1
fba21405e64f4f9970d9fa873627b146074d1b9f

SHA256
b63e2b58ada5c264aa716c43fe269071f515a6ebe090bfbc96b3a076492de86a

SHA512
8481345e4a158c125c76f566b712f1281b393831a2de3a0ea5139308fce387417e4065874bbd77e8e2b0c830a116338680d8d823ec80b4b967c999fb3de6eeb4

Download Submit
C:\Users\Admin\AppData\Roaming\GetRightToGo\f091e3d95bf2ea2db32d3821571a80b7_JaffaCakes118.htm

Filesize
635B

MD5
33f09577707d079a40f706a18e126d92

SHA1
0cef1f55b72a84e584a51e79a6787ea78d74a603

SHA256
e7f6bd122fcb829793f4047a5b929668b0a91ebfe31247b479586ec6d8f2b378

SHA512
5538c5b4e538a97796bfc412b3a81449931a9bbc1fa4e69500a0b30b35c1259bda857f392d85d87893999098bc88a432f28d2f699fadc295709a75b8113933cb

Download Submit
memory/2548-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-27-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-33-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-35-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-40-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-44-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-49-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-54-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-55-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2548-62-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download