ac17e5e7ab1e8ca929c6f914d823f9ba815156024da42b504be6a3dc301ca38d

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641765c18040b52233072956c36d90b9_JaffaCakes118.exe
Size

283KB
MD5

641765c18040b52233072956c36d90b9
SHA1

53e6228caee4647fdb80baaffcf5887f89772c27
SHA256

ac17e5e7ab1e8ca929c6f914d823f9ba815156024da42b504be6a3dc301ca38d
SHA512

d2b66badaffe747ab0e49d1e84b9acefc90b36d5751138ae8e71fd1f462da020bed8ecbf60ff2a7194901233f17a80177eb0c0d710564659812258c2132a7e09
SSDEEP

6144:8wR5za+HqlckLlSNb8uBaKxW6cG+GF6nTg24Yg:TR5zaoMckLMNGKxW6L+GFwTgv

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1452	641765c18040b52233072956c36d90b9_JaffaCakes118.exe
1452	641765c18040b52233072956c36d90b9_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	641765c18040b52233072956c36d90b9_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1452	641765c18040b52233072956c36d90b9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1452	641765c18040b52233072956c36d90b9_JaffaCakes118.exe
1452	641765c18040b52233072956c36d90b9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\641765c18040b52233072956c36d90b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\641765c18040b52233072956c36d90b9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\kut230B.tmp

Filesize
522KB

MD5
ded9046b5669253bd9bd5a015cba0cd0

SHA1
72cb596388513e1a6309a931eefb1f93137bf707

SHA256
0d389a7c0d16ae24f744ae57844ad2dbeaa73b8484df064c6dcd1f581a0d4f5f

SHA512
8ad53f3bb55097b6262bbb42b6d07620c87c5f54cc767e00e0ea3f45c6a866a2836a57d2b54f9bb91c1c6cf0ab37118afadea83e349e613248bded96289d3ef4

Download Submit
memory/1452-11-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-23-0x0000000000AA0000-0x0000000000B70000-memory.dmp

Filesize
832KB

Download
memory/1452-1-0x0000000000AA0000-0x0000000000B70000-memory.dmp

Filesize
832KB

Download
memory/1452-7-0x0000000004830000-0x00000000048B8000-memory.dmp

Filesize
544KB

Download
memory/1452-8-0x0000000000530000-0x000000000053A000-memory.dmp

Filesize
40KB

Download
memory/1452-9-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-3-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/1452-12-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-10-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-15-0x000000000A9B0000-0x000000000B156000-memory.dmp

Filesize
7.6MB

Download
memory/1452-2-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/1452-24-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/1452-25-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-27-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/1452-28-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download