fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Size

3.0MB
MD5

496ab814cb6cae04d292c6fe2fec4577
SHA1

d7ca785c06e2cf7d23b0736fde5643c69baae592
SHA256

fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540
SHA512

d23d47b66770af4e13a04265d9e4a46d5e62b93361d45b2ad6720b89d638a3e4d59eced1fd8f86d7711708a4158cd5487cf2509c2feb3e32cee368ab113afe91
SSDEEP

49152:rOcpcn6JBfJXAE7qKe9uAscv6r7vpDa+hYLgPmwxZjH8P5no00MBrT5tSOqJ8Vp9:inWBfKEJOD6/eghJKhQAyMCBcB7Mhlkn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

pid process

3048 fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

pid	process
3048	fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
3048	fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3048

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads