Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 01:29

General

  • Target

    7b3da13c54f4547886e7d2f6d9f872f5_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    7b3da13c54f4547886e7d2f6d9f872f5

  • SHA1

    429c02c764568d8a41a39f4fb1f2c408f7695c94

  • SHA256

    cd59596c31ef8ad0b85b734306bde1a1fbfcc96d0f26f9d8d78bf89050a3bbe9

  • SHA512

    3dbe776b8068ac3723c5b417d3794308d64e45a95fc1f976e3236ef98988cbc69fa20133ce21cb7ee207a7df407c3ec42e70d4bb2a249fee002481b4b220d819

  • SSDEEP

    12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQS:sV4W8hqBYgnBLfVqx1Wjk/

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b3da13c54f4547886e7d2f6d9f872f5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7b3da13c54f4547886e7d2f6d9f872f5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:3412
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1356 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          39f991f6e6aecffbe2db5dcecf1f226f

          SHA1

          b512ccfff1d83f102d75aa8f78df0c7051bd2df0

          SHA256

          6911a1c252519f8cb3db2a3eead8863ae288e14c699866b2bc580cfc0f3f42a7

          SHA512

          3d7954ad14d8361a0f9a5939c0b0290bb42fa32ac2da1a809d3985195347898f4f0b1d0c1e33d87a6d14d61c48fe3258d7820a0bece6723b0f6e18eb60307e71

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          404B

          MD5

          340a7d6d61faa4dc707be05545516196

          SHA1

          ce1ebeee8666d61d125671391d2c306e87eb0f12

          SHA256

          42eb993ff1bfa0fbde2e8b08a087cb190ec32b66bce6d0a33a02c14aeab45ae5

          SHA512

          1518e9983574a496eeb3bbdf6fc340b1b6698a7f846d2ebdc516a0d8100e7e3a5305df17fad8e99030a43c9da9cc27970fdc71a79ac33a8bb9575ab554cdd0cd

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee