fefaf79d95f6aeaa2a16c12d8b1bfb453017febc396ffe879ecb7d05abb0247b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe
Size

2.1MB
MD5

2601b8650a3c21e99e77b0c70dd976cd
SHA1

e015b83443ff1bb2d550c4392d7095d602b1d9f2
SHA256

fefaf79d95f6aeaa2a16c12d8b1bfb453017febc396ffe879ecb7d05abb0247b
SHA512

1f25e7e7ed899c811f732bb9d94be7cda69c4bfbe8a683fda10a83e114e19d4d8fee76e2573b321071ce7016880aaa283ee586fa344828c6c326ae9a7d85b105
SSDEEP

49152:5SQ6pF2spI404sBC0e1Ic+zJTfcTykyML8wq8e2+D2:5cF2p+sw91IH5EyYci

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1660	2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe
1660	2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2601b8650a3c21e99e77b0c70dd976cd_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E157AD86-5B8C-FCFB-376D-4B86F2A6F47A\0\jquery.min.js

Filesize
90KB

MD5
8b057f40439a72781f73283c16d305ce

SHA1
b6fe8c7431a5f54d3df475c252ef268fd411ec08

SHA256
c7363832ac7f22d24a42dc1856365688a42fc7cbc37c76d1142f64921f2568bf

SHA512
90a2ac43e6ca6b39c15c33a5174ad3f210c21a4a7200308248aa9b59a3ea71cb72339a6431ae6b72e1ee4bba458e9fc33ea21f1fb269d6d4b0fe4c9f845f875b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E157AD86-5B8C-FCFB-376D-4B86F2A6F47A\0\main.js

Filesize
815B

MD5
38b80ddc5d86558761f7823417cd9140

SHA1
b3b37909a882de2a05ccd0954da54273896b59f5

SHA256
8dc4c40a3a6cc600e847bac105426dd10e2fb45b20a871514019bc0408563575

SHA512
cc838c462f2cd5e2eafc5bf7ac51348618bee0cc0141b23d60d6f296f13840d0f4ff5692842b8911cb84f975ce603c378aae247d83b2cb3c5c5f7d6a987de67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\E157AD86-5B8C-FCFB-376D-4B86F2A6F47A\0\offer0.html

Filesize
4KB

MD5
a188270396f19e6dc74efcf0e1aa758c

SHA1
78a97f4ca858e743f1679d7eb78ca7a31bd3b1ac

SHA256
40f9e6d5a541756fd8d92d606ded0bfdcfd3aee9b684f4d8db50a30a69d59099

SHA512
c89491da3f0df61544c1da4922da9133a942083a94c0272c6ebd0e98617dc81b540db93990975ff92e60404c8609c3525278fcb21c62c4c41bd34967fd909906

Download Submit