5083d0a802612e6404774bfa364a97a96237b16af2a19f6b6e8cd9b9c06a0bcb

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 20:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe
Size

1.2MB
MD5

7a70d845ec583014fedd01aca384e05d
SHA1

b82194679c9afb47dac314905128115c2bb01fa3
SHA256

5083d0a802612e6404774bfa364a97a96237b16af2a19f6b6e8cd9b9c06a0bcb
SHA512

55416c470eba2c0187cae8516f737d2ae92260ce5c5c38d25b866313d0fcb442520889251fa02a68401786c30f0dab97c76909505966284ed74af953d60a13cd
SSDEEP

12288:E+45PYe+WVP/6aVNzdcyQPFV3YHA5Kucsd02xIQU1yCwr02pPwXFUJsrv8vD9Qne:E+4pxV3BRitZYP/yVeFUJfKnHpx7liiS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2180	7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe
2180	7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7a70d845ec583014fedd01aca384e05d_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\InstallTmp\Config.txt

Filesize
2KB

MD5
cb004acfbea373c1bb0331e73f2654c7

SHA1
6ab60f82daca362e8ba8c546ade655b6e9e153f2

SHA256
221b46370e876716dd0d48628be9959a94eeb30fff10d210521e4450c1dffcc1

SHA512
2cc593c4ad14254fbee378fe5876e6df481b11a693216e3ea19fb6689ba5a911ddc9c84514e486b13352283cc48a4b9cf40074a58e9089f1717abff8567a87b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallTmp\Readme.txt

Filesize
5KB

MD5
660283212989828403126967ca7af80e

SHA1
d2390fbf12c5692f3046a75fa6d10582831e06e3

SHA256
2b883de63e0b3e25a31ee2813a1e868c6733439167ad77ae46284699e286a8e0

SHA512
01d49226a00e4b7abce0843f30dcd3e5815146c3a444fc1f8b3ad462c2749e152084c5a994a6eb6cd4abb1b316680c0a3d78f5fecfc896dec5e9a9af39a90754

Download Submit
memory/2180-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2180-180-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/2180-182-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download