1960c46592f84d93130f335bcc0ca56ebe8751de1575294c701ee75951df5bba

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe
Size

1.1MB
MD5

234fe70ec0e8dfc6567b53287b8a2820
SHA1

f66640d8381036999ca14aad04b993e257dd85e2
SHA256

1960c46592f84d93130f335bcc0ca56ebe8751de1575294c701ee75951df5bba
SHA512

6d28e130419f2e5d1e8568c97c9412799e47496f093fa45b2dccc45e6893b4f2f802fb50817b973180be661448e2dc8b0eca04bd8a4850e0141297b7a888391f
SSDEEP

24576:tWvknOMEfIRKAcmfVViN8STlZIpLDgMD/5Xh3AgYld/gjQoIBtyH+Y:tUeOMm4EmfXa8s0pXgMD/z3XYl4+Y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3596	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 3596	3928	234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe	84
PID 3928 wrote to memory of 3596	3928	234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe	84
PID 3928 wrote to memory of 3596	3928	234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\234fe70ec0e8dfc6567b53287b8a2820_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Users\Admin\AppData\Local\Temp\a23tmYsVQS\x2Kj2SKj\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a23tmYsVQS\x2Kj2SKj\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a23tmYsVQS\x2Kj2SKj\Setup.exe

Filesize
1.1MB

MD5
234fe70ec0e8dfc6567b53287b8a2820

SHA1
f66640d8381036999ca14aad04b993e257dd85e2

SHA256
1960c46592f84d93130f335bcc0ca56ebe8751de1575294c701ee75951df5bba

SHA512
6d28e130419f2e5d1e8568c97c9412799e47496f093fa45b2dccc45e6893b4f2f802fb50817b973180be661448e2dc8b0eca04bd8a4850e0141297b7a888391f

Download Submit
memory/3596-666-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3928-63-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-50-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-40-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-30-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-22-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-21-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-18-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-9-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-62-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-107-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3928-106-0x0000000000420000-0x0000000000421000-memory.dmp

Filesize
4KB

Download
memory/3928-61-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-60-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-59-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-58-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-57-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-56-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-55-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-54-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-53-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-52-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-51-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-49-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-48-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-47-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-46-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-45-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-44-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-43-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-42-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-41-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-39-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-38-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-37-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-36-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-35-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-34-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-33-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-32-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-31-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-29-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-28-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-27-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-26-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-25-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-24-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-23-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-20-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-19-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-17-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-16-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-15-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-14-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-13-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-12-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-11-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-10-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-8-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-6-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-7-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-0-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download
memory/3928-1-0x0000000002130000-0x000000000222E000-memory.dmp

Filesize
1016KB

Download