74704c98b76728f61dd667d3133df6b8bc78eb9bd781b35204d48eb16c464f37

General

Target

223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
Size

1.4MB
MD5

223aee4d722c65c5e0891b6c966e469c
SHA1

80097e7427d344c41180dd5ec6a9f66c87a199ce
SHA256

74704c98b76728f61dd667d3133df6b8bc78eb9bd781b35204d48eb16c464f37
SHA512

2c1e99d48c0fecd61dd4132087d48afe2ab386f7d830b3993e73605492b5117f295ba64a19ef0c3322591e050e6f8fad1e37d4f6ffb4671470f8c410181c427f
SSDEEP

24576:UhbSC2hgr7f/vzXurpcWjNpjlAZALeCZay8aA3F3/0NymLDWb2I8tyJ7KYYk0bQ:UhbSCR7f/vqdc4pj0AqCoaAtcNymLDab

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
2912	223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\223aee4d722c65c5e0891b6c966e469c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
224KB

MD5
5de3e6de5001ba45853c1824babe0774

SHA1
ce238d98ad066e53810e5872168bc84fc4f325cf

SHA256
5aa45b6024eae73a509041d0e532afef7a4a7fb5fb7e5efce29ff04313a6977e

SHA512
3b9945f6671c47cad49ab7e43ee24e430e3ce1b4d761604246c69aea9f4b8449a3133e8a7c8cf9f851e99525e7deedac414381a86f4d95faa80a471b7cb209db

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\eExcel2000.fne

Filesize
220KB

MD5
acc23e47ab8fd9a885325feaaedda802

SHA1
38811940ae3f561122a04a26f8cb8c7e5658ef2b

SHA256
3affd8f8d8d943fc8f90b90fbea62c719d6a3ba46542cca0529295104e4b4a3f

SHA512
e5b87afa7f1d1344ca66710a2c413876eda763e3b524949288599071049a96baff2758d6bb53d223eb39c57a76d3f14b59fcbfefb886fcad3aea51c0e22a181a

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\iext2.fne

Filesize
480KB

MD5
338c9901d7a5cfeafd5b5a0c502fe96a

SHA1
0caf8271b2ebe5d3bd6fd66223e3a7a1e7d3dbd4

SHA256
6cf3add9e8297e2c6e0dd3ecdf7f8500c123c7779e5807a3c58de62aeb19156f

SHA512
45feb22b3fb505cb37ea0eff3494604f04a874ac6e8e2e9b2f2bf4d801f8d79a613967d23a4d69ffe0609d1cdba2c1292e5c8a3ec98df779db51b9be77a02a96

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\iext3.fne

Filesize
380KB

MD5
b83e974b0c7c055ca74730282d9ac6fc

SHA1
a0234b4bce9ec697b92f4ec3d160d4b4360a776e

SHA256
c69a25997dd5b52556d6a72e8eb76b8d2f3e8bebfe5e64962b92849570e4bbe1

SHA512
022dd2f74fd34cb392a6a98848706f37403584e0a1adf9b8ed107675613f529208896c0228da6d318bee35936853f452b3fa87ff71274c12a0fecc2b675e7995

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.0MB

MD5
4b30dbe1a79b2b7572ff637cb3765ced

SHA1
b08eba0e9bdb62d426db8d2b3d451152a56f79a1

SHA256
4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

SHA512
40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\twain.fne

Filesize
168KB

MD5
cb719d86ad4ec43d95e30da1de22b74f

SHA1
6a5584f5d462413bef1fb12143f7ce14966f5092

SHA256
f08e9eb5780064f9bb6aef70269ff057b2deae02f05b384c87da09de4f6cc070

SHA512
d7ddb1c32794f0024dc8e34a54f5d4230d41dfbc9488d4249f3d94ce2e08848c5d485c7abc1d60ddf35e860406b138f5758c4cf24436d82dd77e16dbd8114ef0

Download Submit
memory/2912-12-0x0000000000390000-0x00000000003FF000-memory.dmp

Filesize
444KB

Download
memory/2912-28-0x0000000002310000-0x000000000234B000-memory.dmp

Filesize
236KB

Download
memory/2912-16-0x0000000000520000-0x000000000054D000-memory.dmp

Filesize
180KB

Download
memory/2912-24-0x0000000003FB0000-0x0000000004038000-memory.dmp

Filesize
544KB

Download
memory/2912-20-0x00000000022D0000-0x000000000230A000-memory.dmp

Filesize
232KB

Download
memory/2912-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2912-42-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing