9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
Size

454KB
MD5

08a3251583b49269a153c3080705ba62
SHA1

bde9ea76d3e61be5696436f2ab5525c864771038
SHA256

9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf
SHA512

ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff
SSDEEP

6144:BvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlX:s/kviXzdcH6N9h/Vl45aPU4EEkdBbX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	iobwnedxjvdevl.exe

Loads dropped DLL 2 IoCs

pid	Process
2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iobwnedxjvdevl.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3060	iobwnedxjvdevl.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3060	iobwnedxjvdevl.exe
3060	iobwnedxjvdevl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3060	2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe	28
PID 2248 wrote to memory of 3060	2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe	28
PID 2248 wrote to memory of 3060	2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe	28
PID 2248 wrote to memory of 3060	2248	08a3251583b49269a153c3080705ba62_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08a3251583b49269a153c3080705ba62_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe
  "C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
454KB

MD5
08a3251583b49269a153c3080705ba62

SHA1
bde9ea76d3e61be5696436f2ab5525c864771038

SHA256
9f21cfbb35b52e1eb3251ede95a0412cb1a813f4f288cc13459cdfef1d9d5dbf

SHA512
ee8a17318990fc4ccc6020bf837af35da7e02d3ce91d9abd852c1e1ddec54df6bba1d1dd6ee8c027579c51e35c21237c50e557cf3664590bd4bfc4b0ab38e0ff

Download Submit
\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe

Filesize
11KB

MD5
012c637753ac0d8a386081dfe410b909

SHA1
41fe035f1a2f8bc19ad18d24c1195b13935af362

SHA256
1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

SHA512
ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

Download Submit
memory/3060-4-0x0000000000BB0000-0x0000000000BF4000-memory.dmp

Filesize
272KB

Download
memory/3060-7-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/3060-8-0x0000000000C10000-0x0000000000C90000-memory.dmp

Filesize
512KB

Download
memory/3060-9-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/3060-10-0x0000000000C10000-0x0000000000C90000-memory.dmp

Filesize
512KB

Download
memory/3060-11-0x0000000000C10000-0x0000000000C90000-memory.dmp

Filesize
512KB

Download
memory/3060-12-0x0000000000C10000-0x0000000000C90000-memory.dmp

Filesize
512KB

Download
memory/3060-23-0x0000000021C70000-0x0000000022416000-memory.dmp

Filesize
7.6MB

Download
memory/3060-24-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/3060-25-0x0000000000C10000-0x0000000000C90000-memory.dmp

Filesize
512KB

Download