402c84b9b4a61563e5b262bb650a98190fa4755c070096cc50d786dd762b0294

Analysis

max time kernel
132s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe
Size

460KB
MD5

85499ca6a94595c93e50743baad7eb7c
SHA1

f15c334ff9ad5aec13c0ff03abe156b6626ef048
SHA256

402c84b9b4a61563e5b262bb650a98190fa4755c070096cc50d786dd762b0294
SHA512

369e3d2515d728c20b455b972f8e0d1063e0733de69e97c3d78e056b4579ee3589b0b3fff225597efeeabd53f24ea35d09dcd1c12eacdf7ce4e4948284a167f1
SSDEEP

6144:8DfmoguYIcjmZkPfde/DHglMI7UoTXmqXsq6cBbzHxBqXzNt1ZRFG4IQPY+:uDcjzPfGHghUoTXmqEcprxBERt1XrII

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	ewvijqfgclny.exe

Loads dropped DLL 2 IoCs

pid	Process
1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe
1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	ewvijqfgclny.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2520	ewvijqfgclny.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2520	ewvijqfgclny.exe
2520	ewvijqfgclny.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2520	1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2520	1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2520	1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2520	1920	85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\85499ca6a94595c93e50743baad7eb7c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\sevcgyqbysux\ewvijqfgclny.exe
  "C:\Users\Admin\AppData\Local\Temp\sevcgyqbysux\ewvijqfgclny.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sevcgyqbysux\parent.txt

Filesize
460KB

MD5
85499ca6a94595c93e50743baad7eb7c

SHA1
f15c334ff9ad5aec13c0ff03abe156b6626ef048

SHA256
402c84b9b4a61563e5b262bb650a98190fa4755c070096cc50d786dd762b0294

SHA512
369e3d2515d728c20b455b972f8e0d1063e0733de69e97c3d78e056b4579ee3589b0b3fff225597efeeabd53f24ea35d09dcd1c12eacdf7ce4e4948284a167f1

Download Submit
\Users\Admin\AppData\Local\Temp\sevcgyqbysux\ewvijqfgclny.exe

Filesize
7KB

MD5
5c8d03a5ec787ea93c739834305b9433

SHA1
0f2ca54afe527f7591bf58a2e52ee9dc98b88941

SHA256
95db3c8dd7e63960656ed66ebdc060db9500d88f2c08902391ed6fb0ed3092f4

SHA512
382a4bfaa59a0f85b2f8628971ffe5de81989fc0d0320910d09397b22e654772ce8434381653711e58c2ac962556c85a8029689af763a42ae7d9808b1cfd3203

Download Submit
memory/2520-14-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-11-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-12-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-13-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-10-0x0000000000B80000-0x0000000000BC4000-memory.dmp

Filesize
272KB

Download
memory/2520-15-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-8-0x000007FEF534E000-0x000007FEF534F000-memory.dmp

Filesize
4KB

Download
memory/2520-22-0x0000000021110000-0x00000000218B6000-memory.dmp

Filesize
7.6MB

Download
memory/2520-27-0x000007FEF534E000-0x000007FEF534F000-memory.dmp

Filesize
4KB

Download
memory/2520-28-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-29-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-30-0x000007FEF5090000-0x000007FEF5A2D000-memory.dmp

Filesize
9.6MB

Download