2612939aa6c0f4e4e78b8dab03855d91d0146170851c87cefde35fc3be79ddbe

Analysis

max time kernel
151s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 02:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
Size

1.6MB
MD5

fbc169862195cf1abf2f4b7c5107a322
SHA1

f54029abad73f6bbc790de12541fd10f8dfd0a9a
SHA256

2612939aa6c0f4e4e78b8dab03855d91d0146170851c87cefde35fc3be79ddbe
SHA512

86d9409dca91e48a94bbfa624927de5c4004e10428fb227c4d95ae10dc043af4faab27825ca0984b280ff49b1e6491dc837d681eba6662073d12d1ffb1b31ad8
SSDEEP

49152:ytsMW2cxPu2+oVhIdDBx8coi7uEhGT35N+CSRmiRc:yt6lNsdNxyquEkT3r+tR

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\syst.dat	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TypedURLs	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
640	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
eeb28f38f174e401c216b2bf8ad7e414

SHA1
d4dbf59f8b0cae6b21fec78a11065f4340da9383

SHA256
37fbe9e3a3d32591510faa72a97be2965f658f461a969f8e0acc55cbbed458ed

SHA512
7a4147ab2584c918a8ee9e93723d5d34384c4916cd3b7af56c6fb459205cb82bb4fae9220edf198d4e68d2c8f13d8564d9208161b310399ace913df7f9b7e909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b158a6f922cd6784caa182e05165a437

SHA1
156b2be609cdcf2af0a37ad856c6fed0ecf81252

SHA256
576a555e983fca6624ab2d5cf73860ec0fa901e35eb1d697596c86669804d176

SHA512
452961d7f04b1756af6db559a2658a090e79b6ce612c31b142a22e062086003b93c0fbb8e65024b453d66184de966ae7e61b40fd92b1c96e3cdad1ba1b182b16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d81374472243f532c5964b584989e73

SHA1
67ad7969d22f810c0916c9679b4ffd82e2700c85

SHA256
9a9353243ace694e6a7d1ed0ce4b52fec199074374f1c93229661791dffddb23

SHA512
125f88d03e694387948efbfee200eef02adf0bcaaf7652d12eccd3e839cc73e76d66cf827e416203f81fc7703be37c7361ef745862fcd47c987e6d849542476e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f69e66f7a667c3edffd41a9b1aa37974

SHA1
a54688337e0b0c50049923ef4c332533bceabdb7

SHA256
ea1f94f4eacf2ba893dc6addefc16f2e1a20afe541b5c45a982c72496ded6fac

SHA512
fb6c9215d186fb80199581cf705fc9624b665736858c48d617ea20b2eeefdf3e3fc499137df5b16552cd8f188c4db57ae214b0d804fdad89421e9a377e19a15f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3f5fa5a51e69a5f78feab70b6e3fd2a

SHA1
57068f37290b6413b3bac9b9c860838c974a6a9b

SHA256
3214d827816eb6951221c98d5c0bc3c8c887f9c741acb1e1d62fd3a2be756faa

SHA512
f7decb29851cd397b8acb044f06e9087f4b1e7e28750ee2a2047d1b7df0fb913053bc172ddca6452e4c9d2f5d755ca026b6f2ed52c156238102902ce425def69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87f7f64358682c18ccb951fd7b8fc310

SHA1
dd32fef08c955cca069cc35e01532eb0aad2d211

SHA256
1ae4c493f39ff8411f46f96347884e5101f24ff10dc50779edf08d5bf4b543f8

SHA512
6c33e18598dbcd6a59166d7650441aa7105a3a045d00e642b097e008febeed8a8c0ce199bd49dfacc25ca559b5fa9b8772908d142ef173ffe11c2969a4766583

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA664.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Windows\syst.dat

Filesize
59B

MD5
608cc37046815bca65f8911101fde569

SHA1
1973bd22e2f6dd8676c25bd2ccc9a778e444b9cc

SHA256
851cbe5bfdcd2e18005852408243b985ad81f90d8f36d7fe479b460cf0015efd

SHA512
39d967911fcbad11d2672bb6dca1d426ef4cfdaeb8555248baf51df0ccbbb1d38da0d849e7e54a165889d772aacaf26f58383d2593b3a41898d6f824d2addeb8

Download Submit
memory/640-2320-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-277-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/640-180-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/640-178-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-1802-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-727-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-2994-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-3567-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-4328-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-4629-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-4928-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/640-5303-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download