04ab2b87d79338c0553ca3150b03f9473d4fa47a0903898249d191571e3f88e7

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe
Size

1.5MB
MD5

511fdcc1ef11921e8f64a5684f3b76d9
SHA1

8e09ead33cf91354fd7a14593b60db2b4b4cd357
SHA256

04ab2b87d79338c0553ca3150b03f9473d4fa47a0903898249d191571e3f88e7
SHA512

85eaa7616c1433db85f3e5ee44966739762fa2b8caf8d3a59615d774d51193fa32836b6f1afc00bbf4cceba4314d30657b900b831271d49625ca84f887d1d310
SSDEEP

24576:Hhc8/1WetFzAI+V8YmeFUJfKrjCxxJF1zo2S4O/eH90X:Hhc8/9iHVwevr+tFSGHE

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1912	511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe
1912	511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\511fdcc1ef11921e8f64a5684f3b76d9_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\InstallTmp\Config.txt

Filesize
2KB

MD5
7def853334f5c60b930f445da0573b0e

SHA1
36aafc161df96cba9934191930099cc72f85dbbc

SHA256
e58e4054892ef60199a96b23baa73e07d51222d7d815c3377c2f90d6a6681b4b

SHA512
3a3b9e19d5292232a841baac3b8579feeffaca72f287890a56be1d109759f97eb62e0c58cf5a6499092491dc0779779285b826ce87b3ca07a2487d3b44077306

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallTmp\Readme.txt

Filesize
5KB

MD5
660283212989828403126967ca7af80e

SHA1
d2390fbf12c5692f3046a75fa6d10582831e06e3

SHA256
2b883de63e0b3e25a31ee2813a1e868c6733439167ad77ae46284699e286a8e0

SHA512
01d49226a00e4b7abce0843f30dcd3e5815146c3a444fc1f8b3ad462c2749e152084c5a994a6eb6cd4abb1b316680c0a3d78f5fecfc896dec5e9a9af39a90754

Download Submit
memory/1912-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1912-182-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/1912-184-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download