153e60fe7a5e20a09d79f706b7dae5876ae5597159af1b805c29b07ba58b23ee

Analysis

max time kernel
132s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe
Size

487KB
MD5

3cb57431d3a09a319211fd8404cc7861
SHA1

e2bf066b525ebecf7e2b126fab712c49622a8029
SHA256

153e60fe7a5e20a09d79f706b7dae5876ae5597159af1b805c29b07ba58b23ee
SHA512

38e1762e5987114f3b205362e4da65758cca539fb4fcde02d9995ef0a8f657adac97e85c94f5d68016717b312a8c41f426996fd6d5a9455d4907aeff7efe2c33
SSDEEP

12288:zeJpjUTGEsiklJWS4gOqN7YoNKJLf2vTMX4wC93+:opK0RmxfyTMXbCc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2276	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe
2276	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2276	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2276	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe
2276	3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3cb57431d3a09a319211fd8404cc7861_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dfsC12.tmp

Filesize
268KB

MD5
62c17a287e12ad779cad521b94d3e2ed

SHA1
c8e74d41303fcf799139636e45a44fccc2dd0abc

SHA256
efcc630bec05090f82a21cf6d23a109a57fc7ba96cfae958d93e7448e7f63760

SHA512
d1cf002279e56fa05887fd1094e8960222db52db0e7029748e5dbbfbd288e5d8aced18d0b5215666c9dbe094162f33e20397868d5e47a850b23ba687132d2cba

Download Submit
memory/2276-9-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-5-0x0000000000510000-0x000000000055A000-memory.dmp

Filesize
296KB

Download
memory/2276-6-0x0000000000220000-0x000000000022C000-memory.dmp

Filesize
48KB

Download
memory/2276-7-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-8-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-1-0x0000000073F5E000-0x0000000073F5F000-memory.dmp

Filesize
4KB

Download
memory/2276-10-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-13-0x000000000A5A0000-0x000000000AD46000-memory.dmp

Filesize
7.6MB

Download
memory/2276-21-0x0000000073F5E000-0x0000000073F5F000-memory.dmp

Filesize
4KB

Download
memory/2276-22-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-23-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download
memory/2276-24-0x0000000073F50000-0x000000007463E000-memory.dmp

Filesize
6.9MB

Download