Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-04-2024 19:59

General

  • Target

    f1ce9c4e686f228f9d530be4afcb0c6e_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    f1ce9c4e686f228f9d530be4afcb0c6e

  • SHA1

    2bf551df28fd9dcc01a12f99355ad8ecf2eac25d

  • SHA256

    e0280d09d87b5a3da57f4513570827d2f1ba65f1f189d96850f23e207e70ad3e

  • SHA512

    719d1ec1dbce22d4d98ba2d174785fc0181c93c487546b1784ad3485d1b191e1cfeac107a657ec9c2c651d767c6a57a0079a82a0281d76362f62595f3368fa47

  • SSDEEP

    384:2dabMiRhjpOFNGDHvuGox8zIlakT3XTmm81PW6vc1otY:/hQWPxoxXaGmm81PW2ccY

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1ce9c4e686f228f9d530be4afcb0c6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f1ce9c4e686f228f9d530be4afcb0c6e_JaffaCakes118.exe"
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    PID:4424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\hp5E8B.tmp

    Filesize

    30KB

    MD5

    f6f0acbab6b77cfceb1a99728196ee44

    SHA1

    19fb35f4a009cae13d5af5e16e957bb5b9db4b66

    SHA256

    3c0b6fdfe2072f53011e8aceafebfab52a656cad7151fa442373ecded1bbc6f7

    SHA512

    61e9e588647a37b570d7a36b98fb89d652ade2bda53267a236c1f79f69cad6d065816ed7d46bdb79375ba2fe51ea072cefbb99433feac301d127d92611439635

  • C:\Windows\SysWOW64\msvol.tlb

    Filesize

    6KB

    MD5

    e7afa16c233058649d7348fe6cedb3c9

    SHA1

    a183ce118461f883180a6146f320002421a5f540

    SHA256

    05623ad481a440cb866fb44f5e6394834422955685b64fc697e9ceb242627f8e

    SHA512

    286b64a7978c0863bc5ece49cdf9613212acd6b8d035a6ed46c32d3d77790b2c27d6cf9e5adeeb4f74b5f33cbdc9e831959980decbc89615f3053a9de13fe0ad