2612939aa6c0f4e4e78b8dab03855d91d0146170851c87cefde35fc3be79ddbe

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 02:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
Size

1.6MB
MD5

fbc169862195cf1abf2f4b7c5107a322
SHA1

f54029abad73f6bbc790de12541fd10f8dfd0a9a
SHA256

2612939aa6c0f4e4e78b8dab03855d91d0146170851c87cefde35fc3be79ddbe
SHA512

86d9409dca91e48a94bbfa624927de5c4004e10428fb227c4d95ae10dc043af4faab27825ca0984b280ff49b1e6491dc837d681eba6662073d12d1ffb1b31ad8
SSDEEP

49152:ytsMW2cxPu2+oVhIdDBx8coi7uEhGT35N+CSRmiRc:yt6lNsdNxyquEkT3r+tR

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\syst.dat	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Software\Microsoft\Internet Explorer\TypedURLs	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
2028	fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbc169862195cf1abf2f4b7c5107a322_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\syst.dat

Filesize
59B

MD5
608cc37046815bca65f8911101fde569

SHA1
1973bd22e2f6dd8676c25bd2ccc9a778e444b9cc

SHA256
851cbe5bfdcd2e18005852408243b985ad81f90d8f36d7fe479b460cf0015efd

SHA512
39d967911fcbad11d2672bb6dca1d426ef4cfdaeb8555248baf51df0ccbbb1d38da0d849e7e54a165889d772aacaf26f58383d2593b3a41898d6f824d2addeb8

Download Submit
memory/2028-0-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/2028-4-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/2028-6-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/2028-158-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/2028-459-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download
memory/2028-836-0x0000000000400000-0x000000000082F000-memory.dmp

Filesize
4.2MB

Download