19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe
Size

469KB
MD5

39b62c66470ae30f22868abe94084ccd
SHA1

bf965beeff838f2437ab0aad63100cd700429764
SHA256

19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67
SHA512

6d24c12b46b81866f88bf83119b388e6afe554aae0c14cc4ebaab3d3005ae5f9010d0629dc45ef9ecf9228193657fa0f54b92a1580857298ec039ff80162e3b1
SSDEEP

12288:qQR17Zoi3bJmxfgDPIvep+UWL0R32UnrL7g:PZoiAxI0ven6657g

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2952	nssvvloiimyefdg.exe

Loads dropped DLL 2 IoCs

pid	Process
2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe
2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	nssvvloiimyefdg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2952	nssvvloiimyefdg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2952	nssvvloiimyefdg.exe
2952	nssvvloiimyefdg.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2952	2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	28
PID 2808 wrote to memory of 2952	2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	28
PID 2808 wrote to memory of 2952	2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	28
PID 2808 wrote to memory of 2952	2808	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Users\Admin\AppData\Local\Temp\nssvvloiimyefdg.exe
  "C:\Users\Admin\AppData\Local\Temp\\nssvvloiimyefdg.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
469KB

MD5
39b62c66470ae30f22868abe94084ccd

SHA1
bf965beeff838f2437ab0aad63100cd700429764

SHA256
19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67

SHA512
6d24c12b46b81866f88bf83119b388e6afe554aae0c14cc4ebaab3d3005ae5f9010d0629dc45ef9ecf9228193657fa0f54b92a1580857298ec039ff80162e3b1

Download Submit
\Users\Admin\AppData\Local\Temp\nssvvloiimyefdg.exe

Filesize
17KB

MD5
9e861713ae529093829da2368374551d

SHA1
c9fcd1a93925ceb258ebd2d0d4c852ec5cddd2b9

SHA256
7380586354a333986684f181d73f4eee951205ec4103f989daedb603b3e3fd96

SHA512
50343bdabef975745254b46fdefa55601dad099026543ae784ce44f15e6cfed2f7e9d0a2aadb615822f822bc68647443c232f89578bb98de9074bcb975f13734

Download Submit
memory/2952-17-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-18-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-11-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-14-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-15-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-16-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-8-0x000007FEF5AFE000-0x000007FEF5AFF000-memory.dmp

Filesize
4KB

Download
memory/2952-10-0x00000000004F0000-0x0000000000534000-memory.dmp

Filesize
272KB

Download
memory/2952-21-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-26-0x00000000214B0000-0x0000000021C56000-memory.dmp

Filesize
7.6MB

Download
memory/2952-31-0x000007FEF5AFE000-0x000007FEF5AFF000-memory.dmp

Filesize
4KB

Download
memory/2952-32-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-33-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-34-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-35-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-36-0x000007FEF5840000-0x000007FEF61DD000-memory.dmp

Filesize
9.6MB

Download