6b7246f7914fc833f9f619ede4509ac4f30e8d44a628b3c91e21e92e675f8662

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 00:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe
Size

182KB
MD5

0d09e131cb0bfa9df62d32f25420c04e
SHA1

02224aabc27fd7293313aaeb4970f4da58ed59ec
SHA256

6b7246f7914fc833f9f619ede4509ac4f30e8d44a628b3c91e21e92e675f8662
SHA512

de5910728c8b9085166ad00f86c28adc3262c65afdc8fab67fb36a98a27cc08ad07d61c76062895b622eb47469ca403a318f06f2313bf6b087d4366c37b9c7b3
SSDEEP

3072:mvstUKlvJ2+usOKDUcJaCcBBoKxiAga+4WvNc+xiz8TnYvclg6JFa9EGyLQEXmsT:m0tU7bsJ6RBoL4T18bPlLJFbLQI1LiL4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2040	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe
2040	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2040	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2040	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe
2040	0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0d09e131cb0bfa9df62d32f25420c04e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dfs122A.tmp

Filesize
251KB

MD5
a1bebaea757db992d76e8a5a85e4aabd

SHA1
2ceeeb96fcd6a71d3d0ea2c1d67b891a3abd4ffb

SHA256
80e8d587f59e07b0b5936677c76bb194f048429321f5a57382198015b9f127ae

SHA512
3b6727584b222031b8948a1c1ca480ed20d378d95ffdc351eac4e936516af4304200e162d2a3eec8e2ddb236829e08a2a3269655076530044d6294ae84fd16bb

Download Submit
memory/2040-11-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-22-0x00000000012C0000-0x0000000001334000-memory.dmp

Filesize
464KB

Download
memory/2040-2-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/2040-7-0x00000000003C0000-0x0000000000404000-memory.dmp

Filesize
272KB

Download
memory/2040-8-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-9-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-3-0x00000000740BE000-0x00000000740BF000-memory.dmp

Filesize
4KB

Download
memory/2040-10-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-14-0x000000000A870000-0x000000000B016000-memory.dmp

Filesize
7.6MB

Download
memory/2040-1-0x00000000012C0000-0x0000000001334000-memory.dmp

Filesize
464KB

Download
memory/2040-23-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/2040-24-0x00000000740BE000-0x00000000740BF000-memory.dmp

Filesize
4KB

Download
memory/2040-25-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-26-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-28-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-29-0x00000000740B0000-0x000000007479E000-memory.dmp

Filesize
6.9MB

Download