4783556e306a33d0f2b82a4b252d64947c84af40d8219cc9c24892552f6f4d8c

Analysis

max time kernel
146s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
Size

3.5MB
MD5

f7c7f796efa9d426820550fe7436fdac
SHA1

4a3902551497203b2f335cc0375c3a4dd6c4fed0
SHA256

4783556e306a33d0f2b82a4b252d64947c84af40d8219cc9c24892552f6f4d8c
SHA512

f7df1cf6067aab2818f6b2739f11707ec03141bbc1b87a62c9e1c34f91af00620f63c174388736557d83135ce1b4f42593a590622112928383c0b88244bffcfd
SSDEEP

98304:I/qAVyk9q/MtommYK9zKAc0MymmYK9zKAc0M:xswxmmYK9+AcdymmYK9+Acd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2752	387E.tmp
2900	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
1732	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
2752	387E.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2752	387E.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2900	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
2900	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
2900	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
2900	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2752	1732	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2752	1732	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2752	1732	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe	28
PID 1732 wrote to memory of 2752	1732	f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe	28
PID 2752 wrote to memory of 2900	2752	387E.tmp	29
PID 2752 wrote to memory of 2900	2752	387E.tmp	29
PID 2752 wrote to memory of 2900	2752	387E.tmp	29
PID 2752 wrote to memory of 2900	2752	387E.tmp	29

C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\387E.tmp
  "C:\Users\Admin\AppData\Local\Temp\387E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe 9F8153D64F9C127A2FBC65C2EF2CCF28E297687D8DD15441F521C427C5D4EFE334C28DB8BDA8E42C6E35EB429B029FBF231E23DF90E582882DC43A2D230CB392
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\387E.tmp

Filesize
3.5MB

MD5
bfa3329a95bce54af50fb708fae819f1

SHA1
a06e45960bea6d7f45bbe0aeb0b8e6f5fcb5e19d

SHA256
356c7ece736fcd98767e9d3b65949103c34adc7c6bd9361e23e4055b9d549270

SHA512
e0a0cb21d26a132b3d873f479de016083d2d2e52c30e379eabbe4eebc270a61a51ed9c606f63383db317a6ce070d7eea17522c56b9a2c4de7863e6116839b44a

Download Submit
\Users\Admin\AppData\Local\Temp\f7c7f796efa9d426820550fe7436fdac_JaffaCakes118.exe

Filesize
1.1MB

MD5
cd75d3e263ff0d1d13aad24cdb9f2593

SHA1
cbcf46c2524176ce03cbfdb69017788282e495a5

SHA256
ccac4ef83f1484c207be895e40037f23138d911c1ec537ffd6577ef789c974c4

SHA512
16c489e2a2337bb7d23b5d6507d769a62d2c4ffd6b30c237752ab38c935eb92dcf74c75b972279f95617d82de69f25c53db819ddc1e543e35d89ad0956c3df87

Download Submit
memory/2752-11-0x0000000002E40000-0x0000000003253000-memory.dmp

Filesize
4.1MB

Download
memory/2900-13-0x0000000001170000-0x0000000001583000-memory.dmp

Filesize
4.1MB

Download
memory/2900-14-0x0000000000110000-0x0000000000113000-memory.dmp

Filesize
12KB

Download
memory/2900-73-0x0000000001170000-0x0000000001583000-memory.dmp

Filesize
4.1MB

Download
memory/2900-75-0x0000000000110000-0x0000000000113000-memory.dmp

Filesize
12KB

Download
memory/2900-87-0x0000000001170000-0x0000000001583000-memory.dmp

Filesize
4.1MB

Download