12ef26b9a0495971007751de44e13057baa9878f89ff3defd9436ed1954b5d31

Analysis

max time kernel
148s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:19

Target

4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe
Size

1.6MB
MD5

4dbc7cdda6645b5a2ffcf859fa3fc104
SHA1

7de115d4f7c507adc8030400b7ae2c0d7fc39023
SHA256

12ef26b9a0495971007751de44e13057baa9878f89ff3defd9436ed1954b5d31
SHA512

c69c1362a7c95f57dad236dddfeb1319e4eb9071da09c64f15d9077bce30d193b208394c20fafaefa95c800e451fab9d1e1580286912eb08e21a4d7384f177d5
SSDEEP

49152:vvoHT8VZrG5xLo0hypekhsSF3Ux4l6LzXS8GzkRSmU:vwgS5h/c/JUul6zCkzU

Score

7^/10

Loads dropped DLL 3 IoCs

pid	Process
1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe
2612	RunDll32.exe
2612	RunDll32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe
1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2612	1660	4dbc7cdda6645b5a2ffcf859fa3fc104_JaffaCakes118.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\OCSetupHlp.dll

Filesize
751KB

MD5
26bf90f095295b3f9b13229421b97569

SHA1
1953205695439b435c3f4799927ff1075e44abfe

SHA256
7b4d8550468b5d95beca869a2d5f765738a66e0bd136a83b86924f2201ea8052

SHA512
7e990afb12814221f0afdb5e9d101ceb62d7d999f5a0272b5695f5c39aa1bb9aae7ad076abeceb20363e1e4138dfb528b8a18e2b13b47a647275ea8bebc6c6ff

Download Submit
memory/1660-1-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/2612-9-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download