91ce837a5bac6de4db92a9543526883d187282b18004179e092e4120c9e2b4b7

Analysis

max time kernel
135s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 11:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe
Size

312KB
MD5

127a43d3f4dc94c5bdbd8f58fb612a15
SHA1

3bd0b48d5dff1739b785634eb13879b9a692c4b0
SHA256

91ce837a5bac6de4db92a9543526883d187282b18004179e092e4120c9e2b4b7
SHA512

3a8d8383883bee7531eb436c9431a674c739e6a7c8e30ab597820d3e7ba45c705ab6ec8923d44abb422fb7c9a2fb4051d9468cecec817524cb7896fb82a99f40
SSDEEP

6144:+weks+CRCTGLyoE2fsAu6DKzM/mfiQXo23696uTYh:PeknCITyyoE2fsWKzM/iuFS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2336	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe
2336	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2336	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe
2336	127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\127a43d3f4dc94c5bdbd8f58fb612a15_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bhs1F24.tmp

Filesize
242KB

MD5
650be658621de5c2f84523f695b7605d

SHA1
3f26830b119f0c9448513741fd13e0ea130b5ee2

SHA256
8194a031bd3d0b409e91d572ee1de54e6cd02b10598f5d47aa2287245c232936

SHA512
9e7af3d5a428b776f4c76b6178f1ee69f9641caf36fc44a2898c325e53ddbf4f1dfcc8d64b7825d022fbc52e727d2465166f3365909d87af2ddfea1b649ea463

Download Submit
memory/2336-7-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-3-0x0000000000280000-0x00000000002C2000-memory.dmp

Filesize
264KB

Download
memory/2336-4-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-5-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-6-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-0-0x000000007429E000-0x000000007429F000-memory.dmp

Filesize
4KB

Download
memory/2336-10-0x000000000AD10000-0x000000000B4B6000-memory.dmp

Filesize
7.6MB

Download
memory/2336-18-0x000000007429E000-0x000000007429F000-memory.dmp

Filesize
4KB

Download
memory/2336-19-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-20-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-21-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2336-22-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download