7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652

Analysis

max time kernel
141s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe
Size

6.5MB
MD5

65975f0ec8f73437db3a5374b09a441b
SHA1

e5d72c831e501e7a049bf743ddb335c67028d8b8
SHA256

7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652
SHA512

f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf
SSDEEP

196608:XfHYzcMRkypFxLyhiEK6iJ+NXeleJZclLsH5me:PocMR3oFKJJ+NXuwch

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe

pid process

744 65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Styles	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295"	reg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Styles	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295"	reg.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe

description	pid	process	target process
PID 744 wrote to memory of 372	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	reg.exe
PID 744 wrote to memory of 372	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	reg.exe
PID 744 wrote to memory of 372	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	reg.exe
PID 744 wrote to memory of 4224	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	mshta.exe
PID 744 wrote to memory of 4224	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	mshta.exe
PID 744 wrote to memory of 4224	744	65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe	mshta.exe

C:\Users\Admin\AppData\Local\Temp\65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe import "C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\Tools\patch.reg"
2⤵
- Modifies Internet Explorer settings
PID:372

C:\Windows\SysWOW64\mshta.exe
C:\Windows\system32\mshta.exe "C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\run.hta" --sfx "65975f0ec8f73437db3a5374b09a441b_JaffaCakes118.exe"
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4064,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:2776

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\DriverPackSolution.html
Filesize
4KB

MD5
ef5e55c1187442b6278452429b93ef85

SHA1
012bc5f42a31ccb817e12457c50d8ff51450e33b

SHA256
ba9168498ea0e20f95d9c1c67cfb9e4f79e0775db8aac50d2983494316e38281

SHA512
d8e20e220d156793d2c2da462c36cb9708396c2db08faa876aca7fef63bdcd6b7d31a6fc7d78659f682ba30cf73ab7b565a1f9226e434deaa8f86f7f9341c3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\Tools\patch.reg
Filesize
1KB

MD5
d49db2ec30494b46d332d516cead4969

SHA1
3d9ce116afe59760c9a1c149ddec92a2f92a0028

SHA256
c86ef9ed6e111d166818e8e0adb3cf5e2a3a5dfc6edc932abc298141ed6f2208

SHA512
1314c6bc4095e445c930c0a0a94a83ff39670081ed916337eed2f74e3453702ae0e0187c0e6c933d52868d80c36e9acbe558faf86f10146d0a825b97c3bc261d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\config.js
Filesize
3KB

MD5
8be11d79a3a34088a7d7dc7732e7b367

SHA1
ebd04615a0460a95cd637efc2ff32ab7367d2b83

SHA256
e65ed786b887b3e028bda74c649f1fe84b2dc64f6d59f9cecd01e9aa3c8fe54f

SHA512
d4d04a28aa693c9d3994abec520332641c533db0c62aa6eead48078f544fe175ad77c040fd238e824754eb1104aa9e766333d90fa44b7173af8623572f19857c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\custom-control.css
Filesize
10KB

MD5
f7f8703ada2176dc144343a2c2acb1cd

SHA1
091334a48056a8baafff0cd672232de1c1f6c838

SHA256
7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50

SHA512
27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\icons-checkbox.css
Filesize
444B

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\icons.css
Filesize
509B

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\normalize.min.css
Filesize
1KB

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\open-sans.css
Filesize
1KB

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\proximanova.css
Filesize
1KB

MD5
cf0c65f6d17307ccd7914e984ac86a6f

SHA1
4fcef85545731123eb5e3e1886817f8014f22e21

SHA256
58a658fd04bb4aa2ff90ff7125ca6e1775b1a9d053e2cfa44b8697990f9f134e

SHA512
0f171b8839385cd192d10c5c06e1b2284e6f2d7d74b9a9d7559252d1b63b8f94c670aa5225e80a5dce9056e92e0fd1506754c6f94b74703a02b7c4687d4976ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\roboto.css
Filesize
1001B

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\css\style.css
Filesize
14KB

MD5
56f7f26870409fd4928952ca73d66007

SHA1
10383d748386deadaae752edcf0b7a39e9609d48

SHA256
3d09c0356af5403e0c5e0450fd1581b9e01cadce216c2d37450ff84350b004d0

SHA512
da83aecf7025ab1798648c932c59b00b8238bf3c2ec476078b761ef38f4c8db8a353cf696b7352ced931ef1f66ec48de69ff380f5a2c86546df926887e9091cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\drp.css
Filesize
141KB

MD5
d576aace1958756a57d402d546f1ec87

SHA1
0ab2cc1b1b1eb6e192a08d5d7c1d55dc652983f2

SHA256
f6d7d4ddc2991b52eb6ffc9404dabf853e60da92eeabec0f18f5c5736b16c0d0

SHA512
89e7753c19eafe8ed435be7da56ad869b01ae8d3f0d05a3a6f13654ebd3fb4a786b6dc918c82b5ded493db69699f0bfe861735f75bec6fd8d992517fa88f8509

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\drp.js
Filesize
3.4MB

MD5
5f388dd7663808c1c9d060fda99ea4e2

SHA1
02d151571871d251ac27679a212dd1977e4b865c

SHA256
9780da3ec181f013488f93b0385b1dec1087794c5eac63e11a402877626f1987

SHA512
6060fdcf90f4250f3d3b7ee19d31ef8ed1c7c2d9c825374906a2602d5706cee3ec3a206e30f0556d70d1dd0798edfa29c339f7102606e3d4fea77e08456cfacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\img\installation\drivers\Notebook.png
Filesize
888B

MD5
e9c35a488b41ffa9645c0592b13c8c15

SHA1
f54aefb44fe34cceae28a808c270fe8f670b922f

SHA256
025e7e8699fd9c246452c6634d4935149baa6a6acadb91b0f9adf52d11a094f9

SHA512
33ab1cace6ff121a34d262855219cfaf22c4e3b94eeacabfd3ee290784c261885a270aec9354d639ccd9bbcba3eeb658554ae440373c43cc8cc35313f7867485

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriverPack-2024052215302\run.hta
Filesize
2KB

MD5
d20765817cdb05d0805f682ef9193386

SHA1
5dcee6bf0aeb0e5ffc9500a5d0bfe93ed1302cdc

SHA256
6d61529ce3e58354a6476c51aaff4b28e4ddda2433108376ee5f736e78ee1a04

SHA512
46a030efe7f87f625bd93f7f6487766b78565f9b1b7004d3afec5072969e5f7d93a46f3b446ffbaf0b3cc1a9d837eba17c3d83b07e40281082a1152a8c08a258

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscE580.tmp\System.dll
Filesize
23KB

MD5
8643641707ff1e4a3e1dfda207b2db72

SHA1
f6d766caa9cafa533a04dd00e34741d276325e13

SHA256
d1b94797529c414b9d058c17dbd10c989eef59b1fa14eea7f61790d7cfa7fd25

SHA512
cc8e07395419027914a6d4b3842ac7d4f14e3ec8be319bfe5c81f70bcf757f8c35f0aaeb985c240b6ecc71fc3e71b9f697ccda6e71f84ac4930adf5eac801181

Download Submit
memory/744-455-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download